CWE-79
High likelihoodImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
45,139 vulnerabilities with CWE-79
CVE-2025-57763
MEDIUM
WeGIA < 3.4.7 - Reflected Cross-Site Scripting via insere_despacho.php CPF Parameter
CVSS 6.1
CVE-2025-57762
MEDIUM
WeGIA < 3.4.7 - Stored Cross-Site Scripting via dependente_docdependente.php Nome Parameter
CVSS 6.1
CVE-2025-55522
MEDIUM
Akaunting 3.0.4-3.1.18 - Stored Cross-Site Scripting via Name Parameter in Reports Component
CVSS 6.5
CVE-2025-43756
MEDIUM
Liferay Digital Experience Platform < 2024.q1.20 - XSS
CVSS 5.4
CVE-2025-43755
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.17 - Authenticated Stored XSS via GroupPagesPortlet
CVSS 5.4
CVE-2025-9306
LOW
SourceCodester Advanced School Management System 1.0 - XSS
CVSS 3.5
CVE-2025-55742
HIGH
UnoPim < 0.2.1 - Stored Cross-Site Scripting via SVG MIME/Sanitizer Bypass
CVSS 8.0
CVE-2025-55420
HIGH
FoxCMS 1.2.6 - Reflected Cross-Site Scripting in index.php
CVSS 8.8
CVE-2025-8064
MEDIUM
Bible SuperSearch <= 6.0.1 - Authenticated Stored Cross-Site Scripting via selector_height Parameter
CVSS 6.4
CVE-2025-8607
MEDIUM
SlingBlocks - Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <...
CVSS 6.4
CVE-2025-53504
MEDIUM
Group-Office <6.8.119 & <25.0.20 - XSS
CVSS 5.4
CVE-2025-43757
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Definition
CVSS 5.4
CVE-2025-43746
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Parameters
CVSS 5.4
CVE-2025-9237
LOW
CodeAstro Ecommerce Website 1.0 - XSS
CVSS 3.5
CVE-2025-47054
MEDIUM
Adobe Experience Manager < 6.5.23.0 and < 2025.5.0 - DOM-based Cross-Site Scripting
CVSS 5.4
CVE-2025-9235
LOW
Scada-LTS <= 2.7.8.1 - Stored Cross-Site Scripting via compound_events.shtm Name Parameter
CVSS 3.5
CVE-2025-9234
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via maintenance_events.shtm Alias Parameter
CVSS 3.5
CVE-2025-46998
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46962
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46936
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46932
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46856
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46852
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-46849
MEDIUM
Adobe Experience Manager <6.5.22 - XSS
CVSS 5.4
CVE-2025-9233
LOW
Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via view_edit.shtm Name Parameter
CVSS 3.5
Details
Vulnerabilities
45,139
Exploit Likelihood
High